How to block/ban connection attempts by hostname permanently?

One essential question about securing my ISPConfig servers is: am I able to, and how can I, block any connection attempts by blocking or banning a whole domain name including all hosts (in subdomains)?
I have been searching the web for a couple of hours now and ONLY found information about blocking / banning / null-routing IP addresses, but nothing about domain names and hostnames (maybe directly in IPTABLES, but I'm not that well practiced; I don't know how, or if it has an effect on a well-configured ISPConfig, and at least it is not very comfortable to do).

In particular, I'm facing the following problem:
For a long time my email warn protocol has been full of lines like this...

1. It would be good to free my log files of these thousands of lines with the same domain (only a different hostname in the subdomain) to get a better overview of other important information

2. There are dozens of HACKER AND SPAMMER FRIENDLY services like hidehost.net, so it would be nice not only to ban each attempt for some minutes (in fact, the hacker or spammer script on the dark side will not be very impressed by this diplomatically very polite restriction (typically European)), but to ban all connection attempts by this domain permanently, as I'm not really expecting any kind of useful information (email or whatever) from people using these services

Please give me a hint on how I can get rid of this problem. Maybe I was only searching with the wrong search terms...

am I able to, and how can I, block any connection attempts by blocking or banning a whole domain name including all hosts (in subdomains)?

No, not with just iptables. Iptables rules only match an IP address. You can add iptables rules for a hostname, but the DNS lookup is done one time when the rule is added, and a rule for the resulting IP address(es) is added. You cannot add a rule for a hostname which cannot be looked up in DNS at the time it's added, so of course you cannot add rules for "all subdomains" because you don't know what those hostnames are.

So what do you do? I'd look at a combination of blocking in specific services like postfix and apache which can perform DNS lookups for new connections and reject accordingly. Combine that with some fail2ban rules which monitor the log files to catch entries that match those and you get a reasonably functional (though far from perfect) version of what you were wanting.
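As an added example (not from the original thread or from ISPConfig), here is what the combination described in the reply looks like for Postfix plus fail2ban: a Postfix access map that rejects a client hostname and all of its subdomains, and a fail2ban jail that turns the resulting log lines into a permanent IP ban. It assumes Postfix 2.6 or newer (for check_reverse_client_hostname_access) and fail2ban 0.9 or newer (for bantime = -1); the domain hidehost.net comes from the question, the map file, filter and jail names are chosen here, and the log line in the comment is constructed.

```ini
# /etc/postfix/main.cf (excerpt): reject by client hostname, parent domains included.
# check_client_access looks up the verified client hostname AND its parent domains
# (parent_domain_matches_subdomains covers smtpd_access_maps by default), so the
# single entry "hidehost.net" also matches every host in any subdomain of it.
# check_reverse_client_hostname_access does the same on the unverified reverse name,
# which catches clients whose forward DNS does not confirm the PTR record.
smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    check_reverse_client_hostname_access hash:/etc/postfix/client_access,
    permit

# /etc/postfix/client_access (run "postmap /etc/postfix/client_access" after editing)
hidehost.net    REJECT Client host blocked by policy

# /etc/fail2ban/filter.d/postfix-hostblock.conf: matches the rejection Postfix logs
# for such clients. Constructed sample line the regex is written against:
#   ... postfix/smtpd[1234]: NOQUEUE: reject: RCPT from x.hidehost.net[192.0.2.10]:
#   554 5.7.1 <x.hidehost.net[192.0.2.10]>: Client host rejected: Client host blocked by policy; ...
[INCLUDES]
before = common.conf

[Definition]
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*Client host rejected: Client host blocked by policy
ignoreregex =

# /etc/fail2ban/jail.local (excerpt): one hit is enough, and bantime = -1 keeps the
# ban until fail2ban is told otherwise. Note that the firewall rule fail2ban adds
# still matches the IP address, not the hostname, exactly as the reply explains.
[postfix-hostblock]
enabled  = true
filter   = postfix-hostblock
port     = smtp,submission
logpath  = /var/log/mail.log
maxretry = 1
bantime  = -1
```

Reload Postfix and fail2ban after putting the files in place; the Postfix side keeps rejecting by name even for hosts whose IP has not been seen before, while fail2ban stops those hosts from reaching Postfix at all on later attempts.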